Skip to main content

You're viewing an archived page. It is no longer being updated.

IPv6 and the RIPE Database

ipv4 ipv6 ripe database news announcement

The RIPE Database server supports IPv6 Whois queries. Client software that supports IPv6 is available for use.

Client

You can query the RIPE Database using a IPv6-enabled Whois client.  If your system does not already have one, you can download the RIPE Whois Client here.

Server

You can query the RIPE Database at the IPv6 address specified in the DNS for whois.ripe.net.

The RIPE Database currently uses an IPv6-to-IPv4 proxy for IPv6 queries.

Rationale for Proxy

The RIPE Database server uses IPv4 addresses for a number of purposes:

  • To identify the computer to which contact data, i.e. person or role objects, has been sent and limit the amount of such data sent.  Contact data count for an IP address increases by lookups and decays over time.  The number of objects can be varied by IP.
  • Other access controls, e.g. web proxy access.
  • Number of connections from a single IP to increase our resistance to denial of service attacks.

RFC 3177 recommends a /48 allocation for the general case. This means End Users will have 280 possible addresses to assign. Even in cases where a user gets a /64, they will still have a huge amount of addresses.  A malicious attacker or buggy client could either bypass all privacy restrictions or consume all available memory on our machine (e.g. by filling our tracking table).

A way to avoid problems may be to track users at the /48 boundary.  However, this would be unfair to a class of users who share a /48 with thousands of other hosts, such as at a  university.  Using a /64 is better but does not really solve this problem.

The RIPE NCC is using a proxy to provide immediate connectivity for IPv6 users and track the access patterns of this service to gain operational experience.

Design of the Proxy

The proxy maps each unique IPv6 address to a unique private IPv4 address (as defined in RFC 1918).  Unlike other IPv6-to-IPv4 proxies, the following apply:

  • The proxy being built keeps the IPv6-to-IPv4 mapping permanently.
  • The proxy uses existing IPv4 proxy mechanism to inform the server about the client address.

This allows the existing privacy restrictions to apply for IPv6 users.  A limited form of other IP-based restrictions are also built into the proxy.

Differences from IPv4

IPv6 service uses the same syntax as the IPv4 service but with the following exception:

The proxy flag, -V,  allows an IPv6 host to be specified as well as an IPv4 host.

RPSLng

The current server does not support the use of IPv6 in objects in the database, e.g. to describe IPv6 routing policy in aut-num objects.  An effort to extend the RPSL standard (as defined in RFC 2622) to include IPv6 and multicasting policies is underway. The RIPE NCC has agreed to implement a reference for the standard in both the server and the IRRToolSet. To participate in the work, please join the RPSLng Working Group.